@**
 * Parts Copyright (C) 2014 Kaj Magnus Lindberg
 * Parts Copyright (C) 2014 Civilized Discourse Construction Kit, Inc
 * Licensed under CC-BY-SA.
 *@

@(tpi: debiki.SiteTpi)

@mustLoginToRead = @{ tpi.siteSettings.userMustBeAuthenticated }

@*
UX COULD incls default scripts so looks nice, if is logged in, [7WKBAY02]
or if is a public community — then incl site specific styles?
@views.html.templates.wrapper(tpi) {
*@
<!DOCTYPE html>
<html>
<head>
<title>Privacy Policy</title>
</head>
<body>

<div class="container esLegal">

<div class="esLegal_home">@{/*
  href="/" will be wrong if coming from the forum and it's base path isn't /, but e.g.
  /forum/. Ignore this minor problem, for now. [7KUFS25]
  UX SHOULD show this Home link, if is logged in. [7WKBAY02] Also, I18N. Solution = move to Typescript*/}
  @if(!mustLoginToRead) {
    <a class="esLegal_home_link" href="/">Home</a><span class="esLegal_home_arw"> →</span>
  }
</div>

<ul class="legal nav nav-pills">
  <li class="nav-item-tou"><a href="/-/terms-of-use">Terms of Use</a></li>
  <li class="nav-item-privacy active"><a>Privacy</a></li>
</ul>


<h1>Privacy Policy</h1>

<div id="collect"></div>
<h2><a href="#collect">What information do we collect?</a></h2>
<p>
  We collect information from you when you post something to the site, or register on our site. We gather data when you participate in the forum by reading, writing, and evaluating the content shared here.
</p>

<p>
  When registering on our site, you may be asked to enter things like your name, username and e-mail address. You may, however, visit our site without registering. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.
  If you sign up at our site with Facebook or Gmail or some other social media account,
  we'll remember your account id so that when you return we know you're the same person.
  We also remember your name and email address (if provided).
</p>

<p>
  When registered and/or posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.
  We may also remember cookies browser and browser fingerprints.
</p>

<p>
  If you create a SaaS hosted site at www.talkyard.net, we record your mouse movements and
  button clicks, during the first 18 minutes of you (the site owner) using the site.
  Also, when you are at www.talkyard.io and the related demo sites.
  This helps us make Talkyard simpler to use — when we see what usability problems
  people run into. Any text you type, e.g. pages, categories, and replies you create,
  and private things like email addresses, are excluded from the recording.
</p>


<div id="use"></div>
<h2><a href="#use">What do we use your information for?</a></h2>
<p>Any of the information we collect from you may be used in one of the following ways:</p>
<ul>
  <li>We remember, for a while, the address to your and others' computers,
    and cookies and browser fingerprints,
    to stop spammers, internet troll armies, and people who harass others
    or do other bad things.
  </li>
  <li>To personalize your experience &mdash; your information helps us to better respond to your individual needs.</li>
  <li>To improve our site &mdash; we continually strive to improve our site offerings based on the information and feedback we receive from you.</li>
  <li>To improve customer service &mdash; your information helps us to more effectively respond to your customer service requests and support needs.</li>
  <li>To send periodic emails &mdash; The email address you provide may be used to send you information, notifications that you request about changes to topics or in response to your user name, respond to inquiries, and/or other requests or questions.</li>
</ul>

<div id="protect"></div>
<h2><a href="#use">How do we protect your information?</a></h2>
<p>
  We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.
</p>

<div id="data-retention"></div>
<h2><a href="#data-retention">What is our data retention policy?</a></h2>

<p>We will make a good faith effort to:
</p>
<ul>
<li>Retain server logs containing the IP address of all requests to this server no more than 90 days.</li>
<li>Retain the full IP addresses associated with registered users and their posts no more than one year. Then we delete the last octet in the IP address. After five years we delete the third octet too.</li>
</ul>

@* Thereafter we delete the last octet — then they
become rather useless for trying to identify anyone. *@

<h3>You can delete your account and personal data</h3>

<p>To delete your account:
Log in, click your username menu in the upper right corner,
click <b>View/edit your profile</b>,
then click <b>Preferences</b>,
<b>Account</b>,
scroll down and click <b>Delete account</b>.
— There's also a button, just above the delete button, that lets you download your personal data.
</p>

<p>If you delete your account, we delete your personal data, e.g. your email, any online
identities (like Facebook id), any full name you might have specified — except for your @@username
and previous @@username:s, to prevent someone else to signup with your former usernames
and impersonate you. We remove your name from old comments you've posted.
If we have banned you from our site, we might remember a hash
of any online identities you've signed up with, to prevent
you from signing up again with those identities.
@* PRIVACY UX how reprhase that in a way "everyone" understands? How explain what a hash is? *@
</p>


<div id="cookies"></div>
<h2><a href="#cookies">Do we use cookies?</a></h2>
<p>
  Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.
</p>

@* Maybe most sites haven't configured Google Analytics — but lets' write that Google Analytics
  is in use anyway, so they can safely start using it later should they want to without
  wondering about if it's ok w.r.t. the privacy policy. *@
<p>
  We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers (for example, we use Google Analytics) to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
</p>

<p>
  We also use cookies, and browser fingerprints, to stop spammers and astroturfers
  (someone who signs up many many times and prevents to be many different people)
  and other ill-behaved people.
</p>

<div id="disclose"></div>
<h2><a href="#disclose">Do we disclose any information to outside parties?</a></h2>
<p>
  We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
</p>

<p>
  The most interesting examples of when we transfer data to others, could be 1) when you sign up
  or post a comment. Then we might send your IP address, email address
  and the comment to spam check services, like Akismet and www.stopforumspam.com,
  to find out if you're a known spammer, or if the comment is spam.
  And 2) email notifications (which can include posts by you) get sent via an email service
  like Amazon SES or Mailgun.
  And 3) if we record (parts of) your browser session, it'll get sent to
  a user experience optimization company like HotJar or Fullstory
  (private data, like emails, and any text you type, are excluded).
</p>

<p>Other examples of third parties we use or want to use in the future, are Google Analytics,
  Google Cloud Vision API (to detect not-safe-for-work images) and
  Google Perspective API (to detect toxic comments).
</p>

@* Maybe needn't list all services? Wait and see what others do.
  Google Safe Browsing API
  URL blocklist e.g. dbl.spamhaus.org, multi.uribl.com, uribl.com.
*@


<div id="third-party"></div>
<h2><a href="#third-party">Third party links</a></h2>
<p>
  Occasionally, at our discretion, we may include or offer third party products or services on our site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
</p>

<div id="coppa"></div>
<h2><a href="#coppa">Children's Online Privacy Protection Act Compliance</a></h2>
<p>
  Our site, products and services are all directed to people who are at least 13 years old or older. If this server is in the USA, and you are under the age of 13, per the requirements of COPPA (<a href="https://en.wikipedia.org/wiki/Children's_Online_Privacy_Protection_Act">Children's Online Privacy Protection Act</a>), do not use this site.
</p>

<div id="online"></div>
<h2><a href="#online">Online Privacy Policy Only</a></h2>
<p>
  This online privacy policy applies only to information collected through our site and not to information collected offline.
</p>

<div id="consent"></div>
<h2><a href="#consent">Your Consent</a></h2>
<p>
  By using our site, you consent to our web site privacy policy.
</p>

<div id="changes"></div>
<h2><a href="#changes">Changes to our Privacy Policy</a></h2>
<p>
  If we decide to change our privacy policy, we will post those changes on this page.
</p>

<br>
<br>
<br>
<p>
  This document is CC-BY-SA. It was last updated on 2019-03-10.
  Originally adapted from the <a href="https://github.com/discourse/discourse/blob/master/app/views/static/privacy.en.html.erb">Discourse Privacy Policy</a>.
</p>
</div>

</body>
@* } *@
